Arize Audit Log
Overview
Audit Logs provide a comprehensive record of user activities within your Arize account. They are valuable for:
Security monitoring and compliance
Tracking login attempts
Monitoring data access
Ensuring adherence to internal policies
Investigating suspicious activities
Types of Audit Logs
Arize provides three types of audit logs, each capturing different aspects of user interaction with the platform:
1. Unauthenticated Audit Logs
These logs capture user login attempts, whether successful or unsuccessful. They include:
Email address
IP address
Success/failure status
Timestamp of the login attempt
Example Query
query GetUnauthenticatedAuditLogs(
$num: Int!,
$startTime: DateTime,
$endTime: DateTime,
$cursor: String
) {
account {
unauthenticatedAuditLogs(
first: $num,
startTime: $startTime,
endTime: $endTime,
after: $cursor
) {
pageInfo {
hasNextPage
endCursor
}
edges {
node {
id
user {
email
}
ip
success
mutationName
loggedAt
}
}
}
}
}2. Authenticated Audit Logs
These logs record mutations (operations) performed by users after they have successfully logged in. They include:
Email address of the user
Operation name
Operation text (the GraphQL query)
Variables passed to the operation
Timestamp of the operation
Note: The
operationNamefield is client-supplied. When using the Arize UI, these will be consistent, but be aware that this field can be manipulated by clients and should not be solely relied upon for security-critical decisions.
Example Query
query GetAuthenticatedAuditLogs(
$num: Int!,
$startTime: DateTime,
$endTime: DateTime,
$cursor: String
) {
account {
authenticatedAuditLogs(
first: $num,
startTime: $startTime,
endTime: $endTime,
after: $cursor
) {
pageInfo {
hasNextPage
endCursor
}
edges {
node {
id
user {
email
}
operationName
operationText
variables
loggedAt
}
}
}
}
}3. Exporter Audit Logs
These logs track when data is exported from your Arize account, helping you monitor who is downloading data and from which models. They include:
Email address of the user
Model name from which data was exported
Timestamp of the export
Note: Exporter logs are only created when data is actually returned. Export requests that return zero rows will not be logged. Additionally, export requests for demo models are not logged.
Example Query
query GetExporterAuditLogs(
$num: Int!,
$startTime: DateTime,
$endTime: DateTime,
$cursor: String
) {
account {
exporterAuditLogs(
first: $num,
after: $cursor,
startTime: $startTime,
endTime: $endTime
) {
pageInfo {
hasNextPage
endCursor
}
edges {
node {
id
user {
email
}
model {
name
}
loggedAt
}
}
}
}
}Query Parameters
All audit log queries accept the following parameters:
num(required): Number of records to retrieve per pagestartTime(optional): Start of the time range to query (ISO format). If not provided, defaults to last 30 days.endTime(optional): End of the time range to query (ISO format). If not provided, defaults to now.cursor(optional): Pagination cursor for retrieving additional pages of results
Pagination
Pagination is encouraged when working with large volumes of audit logs. Each query response includes a pageInfo object with:
hasNextPage: Boolean indicating if more records are availableendCursor: Cursor to use for fetching the next page of results
Here's an example implementation of pagination for retrieving authenticated audit logs:
# Initialize variables
authenticated_logs = []
params = {
"num": 100,
"startTime": "2025-01-01T00:00:00Z"
}
# Loop through all pages
while True:
paged_response = client.execute(authenticated_audit_logs_query, params)
# Append the logs to your list
authenticated_logs.extend(paged_response["account"]["authenticatedAuditLogs"]["edges"])
# If there is another page of information, point the cursor to the next page and fetch more
end_cursor = paged_response["account"]["authenticatedAuditLogs"]["pageInfo"]["endCursor"]
print("pageInfo end_cursor %s" % (end_cursor))
if end_cursor:
print("There is another page of logs. Loading more.")
params["cursor"] = end_cursor
else:
# No more logs to pull. The list is complete!
breakLast updated
Was this helpful?